Merge pull request #57 from bodgery/cookie-session

Switch to Express/Cookie-Session

Author: kevinastone

.dockerignore

@@ -2,4 +2,3 @@
 Dockerfile
 *.Dockerfile
 node_modules
-!node_modules/connect-pg-simple/table.sql

app.ts

@@ -3,7 +3,7 @@ import * as c from "./src/context";
 import * as Tokens from "csrf";
 import * as express from "express";
 import * as handlebars from "express-handlebars";
-import * as session from "express-session";
+import session = require("cookie-session"); // CommonJS Typescript workaround: https://www.typescriptlang.org/docs/handbook/modules.html#export--and-import--require
 import * as fs from "fs";
 import * as shortid from "shortid";
 import * as request_funcs from "./src/request_funcs";
@@ -107,17 +107,11 @@ function setup_app_params( conf, db, typeorm_connection, logger )
     let use_secure_cookie = (conf['deployment_type'] == "prod");
     let session_options = {
         secret: conf.session_secret
-        ,resave: false
-        ,saveUninitialized: true
-        ,cookie: {
-            maxAge: conf.session_length_sec
-            ,sameSite: true
-            ,secure: use_secure_cookie
-            ,httpOnly: true
-        }
+        ,maxAge: conf.session_length_sec
+        ,sameSite: true
+        ,secure: use_secure_cookie
+        ,httpOnly: true
     };
-    let session_store = db.session_store( session );
-    if(session_store) session_options['store'] = session_store;
 
     let app = express();
     app.use( session( session_options ) );

database.Dockerfile

@@ -1,4 +1,3 @@
 FROM postgres:alpine
 
 ADD sql/pg.sql /docker-entrypoint-initdb.d/01_create_tables.sql
-ADD node_modules/connect-pg-simple/table.sql /docker-entrypoint-initdb.d/02_sessions.sql

package-lock.json

@@ -12,9 +12,8 @@
   "dependencies": {
     "@types/assert": "^1.4.2",
     "@types/bcrypt": "^3.0.0",
-    "@types/connect-pg-simple": "^4.2.0",
+    "@types/cookie-session": "^2.0.41",
     "@types/express": "^4.16.1",
-    "@types/express-session": "^1.15.12",
     "@types/js-yaml": "^3.12.0",
     "@types/nconf": "^0.10.0",
     "@types/pg": "^7.4.14",
@@ -25,13 +24,12 @@
     "assert": "^1.4.1",
     "bcrypt": "^5.0.0",
     "body-parser": "^1.18.3",
-    "connect-pg-simple": ">=6.0.1",
+    "cookie-session": "^1.4.0",
     "crypto-random-string": "^3.0.1",
     "csrf": "^3.1.0",
     "express": "^4.16.4",
     "express-handlebars": "^3.0.2",
     "express-oauth-server": "^2.0.0",
-    "express-session": "^1.16.1",
     "googleapis": "^40.0.0",
     "js-yaml": "^3.13.1",
     "logger": "^0.0.1",
@@ -58,6 +56,7 @@
     "mocha": "^8.1.3",
     "sinon": "^9.0.3",
     "supertest": "^3.3.0",
+    "supertest-session": "^4.1.0",
     "ts-mocha": "^6.0.0",
     "ts-node": "^8.0.3"
   }

package.json

@@ -10,7 +10,6 @@ DB_PASS=`grep "db_password:" config.yaml | perl -E 'say( (split /:\s*/, <>)[1] )
 psql -f sql/clear_pg_tables.sql ${DB}
 psql -f sql/pg.sql ${DB}
 #psql -f sql/test_log_data.sql ${DB}
-psql -f node_modules/connect-pg-simple/table.sql ${DB}
 
 npx typeorm-model-generator \
     -h localhost \

sql/rebuild_pg.sh

@@ -380,11 +380,6 @@ export class MockDB
         success_callback();
     }
 
-    session_store( express_session )
-    {
-        return null;
-    }
-
     add_token(
         username: string
         ,token: string

src/db-mock.ts

@@ -1,7 +1,6 @@
 import * as db_impl from "./db";
 import * as pg from "pg";
 import * as pg_escape from "pg-escape";
-import * as session from "connect-pg-simple";
 
 
 let no_rows_callback_builder = (member_id, callback) => {
@@ -679,15 +678,6 @@ export class PG
         );
     }
 
-    session_store( express_session )
-    {
-        let pg_session = session( express_session );
-        let full_session = new pg_session({
-            pool: this.pool
-        });
-        return full_session;
-    }
-
     is_token_allowed(
         token: string
         ,success_callback: () => void